Encryption's evolving role

It's a pleasant summer evening and you're out for a stroll in your neighborhood. While walking down a somewhat unfamiliar street, you notice that the front door on a large house is open. There is no sign of activity, no cars in the driveway, no light on in the house. Perhaps the people who live there have had to leave in a hurry and forgot to lock or close the door tightly.

Do you enter the house, go inside, wander around, perhaps take a snack in the fridge and then leave? Or do you go up the front steps and close the door? Or perhaps find a neighbor? Or even call the police when you get home to let them know about the problem?

That question fascinates Ron Moritz, the chief technology officer of Finjan Software, a company that specializes in online security. And it's one of the reasons that Mr. Moritz favors creating some controls over the way people access and use the Internet.

"The same rules that have driven human nature and societies for thousands of years should rule on the Web," says Moritz. "Rules like 'Do unto others as you would have them do unto you.' But until the medium matures, we're going to need some tougher rules."

So why do people who would never walk into someone's house believe that it's perfectly acceptable to hack their way into another person's or business's Web site or network computer system?

"It's the anonymity factor," says Moritz. "And it's funny how it makes people, even governments react. I believe that those who are grounded in ethics remain there. But look at what the government of France is doing. They have made no bones about the fact that they have their cyberspace espionage capabilities to steal secrets from US companies. Is that grounded in ethics? That's why there is a need for protections."

Moritz says another reason for strong laws is that in the not-too-distant future, wars will be fought against a country's information infrastructure.

"Three days loss of information services would bring the economy to its knees. So, the government has a responsibility to protect our borders, both physically and virtually."

But ideas like this concern many civil libertarians and groups such as Americans for Computer Privacy. They believe that by creating systems like Fidnet, the just-announced government computer monitoring system designed to protect the nation's crucial data networks from intruders and to be overseen by the Federal Bureau of Investigation, the government has gone too far and now threatens people's First and Fourth Amendment rights.

"The answer to how to protect the country against cyber-terrorism or cyber-crime is not to allow the FBI or other government organizations to have access to our personal files, but to give them the expertise to deal with the real problem," says Sue Richards, of Americans for Computer Privacy.

For Ms. Richards the best way to protect Americans online is by giving them the tools to protect themselves, like strong encryption software that businesses and individuals can use to protect their most sensitive data.

"By not allowing American companies to build and export the best encryption software available, the government is crippling US industry," says Richards. "But more than that, I truly believe that they are endangering our national security. If we allow other nations to take the lead in developing top encryption programs, then we will always be at a disadvantage to online terrorists. Because if terrorists are using American encryption programs, then the people who built it can help you figure out how to break it."

Moritz knows that the image of a Big Brother approach will unsettle many Americans - the idea that the government can track what you're doing online.

But he disagrees with Richards about the need for privacy online, mainly because, he says, it has never existed in the first place.

"Privacy in general in the US is a fallacy. To be honest, I don't have an expectation of privacy online. With a little bit of work, detectives or a legitimate business can find out almost everything about you online in perfectly legal ways. Almost all credit card information, for instance, is public info."

And Moritz always comes back to what he considers is the real nugget of this debate - the ethics of being online.

"There is always a fine line between the rights of law enforcement and the rights of the individual in any kind of community. We make compromises every day on our privacy in order to live in a community that wants to keep bad elements in check. And online shouldn't be any different.

"You can't be a cyber-survivalist," Moritz says. "You can't just go off with your encryption program and ignore everything else that is happening on the Web. The medium just doesn't work that way."